[Fixed] Unable to login - CSRF invalid
-
So, when I tried accessing the forums from my laptop tonight, I got logged out. Figured it was no big deal, just try to log in again. I get the following error:
Login Unsuccessful
We were unable to log you in, likely due to an expired session. Please try again.And the URL adds:
?error=csrf-invalid
I also see the error mini-toaster on any other navigation:
ERROR
invalid-sessionOk, figure I need a hard refresh. Nope, same login error. Clear cookies, nope, same error. Try Edge, which probably had been out for awhile, nope, same error. Try IE11, which never logged in, nope, same error. I cannot log back in on my laptop. Try Chrome for iPad, nope, same error. Honestly believe that if all my sessions die, I will never be able to log back in.
X-Upstream: 172.18.0.254:4567
-
I was just having this issue on my Chromebook: https://github.com/apapadimoulis/what-bugs/issues/138
-
@ChaosTheEternal said in Unable to login - CSRF invalid:
X-Upstream: 172.18.0.254:4567
That's the instance I just bounced because it was pegging the CPU and confusing ServerCooties. Is it better now?
-
@ben_lubar
Nope. Still can't log in.
-
@ChaosTheEternal said in Unable to login - CSRF invalid:
@ben_lubar
Nope. Still can't log in.7/6 04:14 [82] - error: /login invalid csrf token 7/6 04:15 [82] - error: /login invalid csrf token 7/6 04:34 [82] - error: /login invalid csrf token 7/6 04:35 [82] - error: /login invalid csrf token 7/6 04:39 [82] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised. 7/6 04:39 [82] - info: [app] Database connection closed. 7/6 04:39 [82] - info: [app] Web server closed to connections. 7/6 04:39 [82] - info: [app] Shutdown complete.
7/6 04:40 [36] - error: /login invalid csrf token 7/6 04:40 [41] - error: /login invalid csrf token
hmm...
-
@ben_lubar
And now my mobile phone has lost its session and is seeing the same. My settings page says I only now have active sessions on my iPad (on Safari) and my work computer. Now, how long until they get kicked out too?
-
@ChaosTheEternal Ok, I added X-Forwarded-Proto as per expressjs/session#165. I can log in now when I test. Can you?
No idea why it suddenly stopped working.
-
@ben_lubar
Yup, I was able to log in again on my laptop and phone. Thanks.
-
The problem was caused by @julianlam's colon.
-
@ben_lubar said in [Fixed] Unable to login - CSRF invalid:
The problem was caused by @julianlam's colon.
@julianlam's shit broke the forums?
-
@Onyx said in [Fixed] Unable to login - CSRF invalid:
@julianlam's shit broke the forums?
That's one hard turd
-
I've been told I don't get enough fiber, so things aren't SPDY enough down south.